Active Exploitation of CVE-2025-5394 in Alone WordPress Theme

· Published 01/08/2025 15:39 · Modified 04/08/2025 09:19

Essential information

Tags: 2025-08-01, CVE-2025-5394, alone theme, arbitrary file upload, remote code execution, theme vulnerability, web shells, wordpress
Related entities: 4 techniques (MITRE)

Description

A critical arbitrary file-upload vulnerability (CVE-2025-5394) in the Alone - Charity Multipurpose Non-profit WordPress theme, versions 7.8.3 and earlier, is being actively exploited. The flaw, with a CVSS score of 9.8, allows unauthenticated attackers to upload malicious ZIP archives containing PHP backdoors, resulting in remote code execution and full site takeover. The vulnerability stems from a missing authorization check in the alone_import_pack_install_plugin() AJAX handler. Attackers can exploit this to upload web shells, execute commands, deploy file managers, and create rogue admin accounts. Several IP addresses have been identified as sources of attacks. Website owners are urged to update to version 7.8.5 or later, verify site integrity, strengthen access controls, and enhance detection and monitoring measures.
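The root cause named above is a privileged operation (installing a plugin from an uploaded ZIP) exposed through an AJAX handler without an authorization check. The following is an added illustration of the hardened pattern WordPress developers should follow for such a handler; it is not the Alone theme's code, and every `example_`-prefixed name is hypothetical. It relies only on WordPress core APIs (`check_ajax_referer`, `current_user_can`, `wp_check_filetype_and_ext`, `Plugin_Upgrader`) and assumes the request posts the archive in a field named `pluginzip` with a nonce in `nonce`.

```php
<?php
/**
 * Added example: a hardened admin-ajax handler for a theme "import pack" plugin installer.
 * Not the Alone theme's code; all example_* names are hypothetical.
 *
 * Anti-pattern (the class of bug described in the advisory), shown for contrast:
 *
 *   add_action( 'wp_ajax_example_install',        'example_install' );
 *   add_action( 'wp_ajax_nopriv_example_install', 'example_install' ); // reachable unauthenticated
 *   function example_install() {                                       // no nonce, no capability check
 *       $u = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
 *       $u->install( $_FILES['pluginzip']['tmp_name'] );                // any ZIP, any caller
 *   }
 *
 * Hardened version follows.
 */

// Register ONLY the authenticated hook. The 'wp_ajax_nopriv_' variant is deliberately
// omitted: plugin installation has no legitimate anonymous caller.
add_action( 'wp_ajax_example_import_pack_install_plugin', 'example_import_pack_install_plugin' );

function example_import_pack_install_plugin() {
    // 1. CSRF check: the request must carry a nonce minted for this specific action
    //    (e.g. wp_create_nonce( 'example_import_pack' ) on the admin page). Dies on failure.
    check_ajax_referer( 'example_import_pack', 'nonce' );

    // 2. Authorization check: being logged in is not enough; the caller must hold the
    //    same capability WordPress itself requires to install plugins.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: an upload must be present and must really be an uploaded file.
    if ( empty( $_FILES['pluginzip']['tmp_name'] ) || ! is_uploaded_file( $_FILES['pluginzip']['tmp_name'] ) ) {
        wp_send_json_error( array( 'message' => 'No archive uploaded.' ), 400 );
    }

    // 4. Type check: accept only a ZIP, verified against content, not just the extension.
    $check = wp_check_filetype_and_ext(
        $_FILES['pluginzip']['tmp_name'],
        $_FILES['pluginzip']['name'],
        array( 'zip' => 'application/zip' )
    );
    if ( 'zip' !== $check['ext'] ) {
        wp_send_json_error( array( 'message' => 'Only ZIP archives are accepted.' ), 415 );
    }

    // 5. Delegate extraction and installation to core's upgrader rather than unzipping
    //    into an arbitrary path by hand; it writes only under the plugins directory.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $_FILES['pluginzip']['tmp_name'] );

    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }
    if ( ! $result ) {
        wp_send_json_error( array( 'message' => 'Installation failed.' ), 500 );
    }

    // 6. Audit trail: record who installed what, so a later integrity review can
    //    distinguish administrator actions from unexpected plugin appearances.
    error_log( sprintf(
        'import-pack: user %d installed plugin archive %s',
        get_current_user_id(),
        sanitize_file_name( $_FILES['pluginzip']['name'] )
    ) );

    wp_send_json_success( array( 'message' => 'Plugin installed.' ) );
}
```

The two checks in steps 1 and 2 are the ones whose absence turns an installer into an unauthenticated file-upload primitive: the nonce stops cross-site requests from a logged-in admin's browser, and the capability check stops anyone below the intended privilege level. Step 5 matters as a defence in depth because core's upgrader confines extraction to the plugins directory instead of letting a crafted archive choose where its PHP files land.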

External references